Beispiel #1
0
def ParseCFURLEntry(db, cfurl_cache_artifacts, username, app_bundle_id, cfurl_cache_db_path):
    db.row_factory = sqlite3.Row
    tables = CommonFunctions.GetTableNames(db)
    schema_version = 0
    if 'cfurl_cache_schema_version' in tables:
        schema_version = CheckSchemaVersion(db)
    else:
        log.debug('There is no cfurl_cache_schema_version table.')

    if 'cfurl_cache_response' in tables:
        if schema_version in (0, 202):
            query = """SELECT entry_ID, time_stamp, request_key, request_object, response_object, isDataOnFS, receiver_data 
                        FROM cfurl_cache_response JOIN cfurl_cache_blob_data USING (entry_ID) 
                        JOIN cfurl_cache_receiver_data USING (entry_ID)"""
            cursor = db.execute(query)
            for row in cursor:
                http_req_method, req_headers = ParseRequestObject(row['request_object'])
                http_status, resp_headers = ParseResponseObject(row['response_object'])
                if type(row['receiver_data']) == bytes:
                    received_data = row['receiver_data']
                elif type(row['receiver_data']) == str:
                    received_data = row['receiver_data'].encode()
                else:
                    log.error('Unknown type of "receiver_data": {}'.format(type(row['receiver_data'])))
                    continue

                item = CfurlCacheItem(row['time_stamp'], row['request_key'], http_req_method, req_headers, 
                                        http_status, resp_headers, row['isDataOnFS'], received_data, 
                                        username, app_bundle_id, cfurl_cache_db_path)
                cfurl_cache_artifacts.append(item)
Beispiel #2
0
def ReadTopSitesDb(chrome_artifacts, db, file_size, user, source):
    try:
        db.row_factory = sqlite3.Row
        tables = CommonFunctions.GetTableNames(db)
        if 'topsites' in tables: # meta.version == 4
            cursor = db.cursor()
            query = "SELECT url, url_rank, title from top_sites ORDER BY url_rank ASC"
            cursor = db.execute(query)
            for row in cursor:
                item = ChromeItem(ChromeItemType.TOPSITE, row['url'], row['title'], None, None, None, None, f"URL_RANK={row['url_rank']}", user, source)
                chrome_artifacts.append(item)
        elif 'thumbnails' in tables: # meta.version == 3
            cursor = db.cursor()
            query = "SELECT url, url_rank, title, last_updated from thumbnails ORDER BY url_rank ASC"
            cursor = db.execute(query)
            for row in cursor:
                item = ChromeItem(ChromeItemType.TOPSITE, row['url'], row['title'], CommonFunctions.ReadChromeTime(row['last_updated']),
                                    None, None, None, f"URL_RANK={row['url_rank']}", user, source)
                chrome_artifacts.append(item)
    except sqlite3.Error:
        log.exception('DB read error from ReadTopSitesDb()')